Field of the Invention
The present invention relates in general to the field of computers and similar technologies, and in particular to software utilized in this field. Still more particularly, it relates to a method, system and computer-usable medium for controlling access to a resource deployed in a cloud environment.
Description of the Related Art
Cloud computing environments offer a flexible, cost-effective, and dependable delivery platform for providing information technology (IT) services over the Internet. In particular, these cloud computing environments allow resources to be rapidly deployed and easily scaled. Likewise, a broad variety of processes, applications, and services can be provisioned on demand, regardless of the user location or device. As a result, cloud computing environments give organizations the opportunity to increase their service delivery efficiencies, streamline IT management, and better align IT services with dynamic business requirements.
While cloud computing environments offer many benefits, they also present an added level of risk because essential services are often outsourced to a third party. This externalized aspect of outsourcing makes it more difficult to maintain data integrity and privacy. As an example, the proliferation of common images exposes a homogeneous cloud computing environment to a security threat. More specifically, if all common images use the same passwords and file paths, then an attack that compromises one node would compromise all nodes within the cloud computing environment.
Known approaches to mitigating broad attacks include having nodes in a cloud computing environment modify each system with unique attributes such as user passwords and secure shell (SSH) hash keys. Other approaches for “heterogenizing” a cloud computing environment include deploying applications to unique file paths on each node, putting unique application passwords on each node, or using mixed hardware for the systems (e.g., x86 vs. PowerPC processor architectures). However, such a heterogeneous environment would require administrators to track these unique aspects, which in turn could create operational issues stemming from misinterpreted passwords, wrong file paths, and so forth.